GCC 10.1 Released(gcc.gnu.org) |
GCC 10.1 Released(gcc.gnu.org) |
[1] https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.h...
It does show potential, and I hope it improves in future. Be nice to have a libre version of coverity one day.
Edit: Output from compiling nbdkit upstream with -fanalyzer: https://paste.centos.org/view/8381f926
In GCC it's a compiler flag. In LLVM it's a convoluted process automated by either an irritating perl/python script (The python one isn't included by default for some reason despite being far more common these days) or AN ENTIRE WEB SERVER TO OUTPUT TEXT (Which thankfully isn't included by default).
I'm sure you could set it up in make but since my projects aren't large scale enough to really need it I can't be bothered, even if it's one of those things you'll probably only need to write once and can just copy and paste ad-infinitum.
Biggest advantage I see is it's integrated into the compiler and so sees the same things the compiler does.
Having gcc do this out of the box helps people port their experience/skills with static analysis to other companies.
We already have clang-tidy and I like it too but it's nice to have a fall-back to compare when one produces a strange result. And a bit of competition is always good to have between such projects. And on most big projects it's not like you can just change the build system to use another compiler.
Also I found some interesting cases which valgrind didn't see because it was in an unreachable branch.
Basically this replicates what clang-tidy did
You could do something like that at runtime though, but then you have Valgrind, basically.
https://herbsutter.com/2018/09/20/lifetime-profile-v1-0-post...
"Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spring 2019"
https://www.youtube.com/watch?v=EeEjgT4OJ3E
While it might never be Rust like due to language semantics, it is way better than not having anything.
static const int π = 3;
int get_naïve_pi() {
return π;
}
present?(p) // return bool
get!(g) // throw if not found
Of course you can also cause all sorts of mayhem. Even disregarding fun such as GREEK QUESTION MARK looking like a semicolon and zero-width spaces, I probably would not use this feature in enterprise code. Too likely that some tool somewhere (e.g. an alternate compiler?) is KO'd by characters outside of basic ASCII range (which has served us well and will keep doing so).
Nice to see a bunch of C++20 features making it in. Coroutines seems like a big one!
Goes to look at README.Bugs. Holy cow, I don't have time to to check all those places to see if it has been reported already.
[1]: https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/pp...
Surely it's available from here at the very least?
> or any of the mirrors I tried
Seems to be to me?
ftp://ftp.mirrorservice.org/sites/sourceware.org/pub/gcc/releases/gcc-10.1.0/
I've been meaning to formally prove one of our internal "mini libraries" using Frama-C. If we did that then no one would be able to complain about bugs in it :-)
I rather have no unicode identifiers than insecure identifiers, which don't follow the unicode security guidelines for identifiers.
You want to develop with new tooling, so a newer release under lxd/lxc. But you probably want to deploy on an lts release - maybe the one comming in a year?
You could of course develop under arch in lxd/lxc - then validate for an lts release once your code is "done".
But I don't think you'd generally would want to deploy to arch - as you'd have to play catch-up in order to keep up with security patches (or backport yourself)?
Compiling with clang is much, much slower but it finds interesting errors sometimes. I only had to ifdef out one code section that it couldn’t understand (something about indexing an array with a constexpr function returning an enum class from a template parameter).
It depends on the project, but this one and another project I made work are both 100k lines of C++ and took half a day to setup. It was worth it imo.
It might have something to do with a heavy usage of templates in a few files, I don't know.
Clang's autovectorization is better in a few functions I disassembled but otherwise the generated code doesn't benchmark any faster, it's better in some places, worse in others.
clang --analyze --analyzer-output text ...
Hopefully in a future version the kinks are ironed out and we can just use the flag without any hassle. It's like if we needed to still manually link our files with ld before compiling them instead of clang auto doing it.
-% scan-build10 make
scan-build: Using '/usr/local/llvm10/bin/clang-10' for static analysis
...
scan-build: No bugs found.
(but as a non english person, I find it very helpful to be able to have unicode in strings)
Many of these characters are hard to type on regular keyboards, which is probably what the parent commenter was referring to.
One of the core ideas of working with LTS is that you can build your software on an LTS release and ship it to somebody else on the same LTS release, either as a source or as a binary.
If you want the latest GCC, that's fine, you're not forced to use the default compiler distributed with your OS. But it doesn't make sense to update the default compiler used in an LTS release. If you want that, then you don't want LTS.
If you want to develop an application, you use your own toolchain. But yes I know most C++ people don't d this because C++ tools don't easily support it. But that's on C++ for not having pyenv, rustup, multiruby, etc equivalent.
This needs to be emphasized.
Yes, and updating compilers don't prevent that at all. You can use GCC 10 to ship code that will build and run on Ubuntu 12.04 without issues. Xcode 11 can ship code that works back to macOS 10.6 and Visual Studio 2019 can still optionally target windows fucking XP !
This is incorrect. In practice, for larger code bases, upgrading to a newer version of GCC or Clang is something that must be done purposefully, and you must test.
Sometimes it turns out that your code relies on some compiler behavior which has changed. Sometimes newer compilers are stricter than older compilers. There are plenty of real-world cases of these problems!
> Xcode 11 can ship code that works back to macOS 10.6 [...]
There are a number of features that are specific to the macOS toolchain which make this possible. Take a look at the "-mmacosx-version-min" flag on the macOS compiler. This selectively enables and disables various APIs. These features don't solve all the compatibility problems, either.
> Visual Studio 2019 can still optionally target windows fucking XP !
We're talking about Linux here. The Windows toolchain is radically different.
You do understand that ABI backward compabitility is not ensured, don't you?
https://gcc.gnu.org/onlinedocs/libstdc++/manual/abi.html
Some software packages even break between distro releases.
The primary value of a distro is to provide a fixed platform that application developers and users can safely target. Risking ABI breakups just because a rare number of users wish to be on the bleeding edge without wanting to do any of the work to install their own software is something that's very hard to justify.
IIRC there's still an issue with gethostname which must be dynamically linked.
In practice this can be "undefined behavior" like dangling pointers or data races. Maybe the new version of the compiler happens to reorder a couple of instructions (which it's perfectly within it's rights to do) which turns a "benign" race into a crash or an exploitable security issue. Is it your fault for writing these bugs? Sure. But if you're a big organization, and you know you have bugs like this, is this a reason not to upgrade your compiler? Absolutely. All the real world testing you've done on your current binaries has value, and losing some of that value needs to be weighed against the benefits of upgrading.
So if you hit issues, do what you do on every other system which is "installing older Xcode / Visual Studio" ? That would not be an issue at all if the toolchain wasn't vendored as part of the distro, you'd just have something like rustup that allows you to use whatever version of the toolchain your project requires.
> There are a number of features that are specific to the macOS toolchain which make this possible. Take a look at the "-mmacosx-version-min" flag on the macOS compiler. This selectively enables and disables various APIs.
yes ? https://gcc.gnu.org/onlinedocs/gcc/C_002b_002b-Dialect-Optio...
> We're talking about Linux here. The Windows toolchain is radically different.
what I'm saying is exactly that the Linux desktop world would be in a far better place if Linux followed the Windows / macOS way of vendoring toolchains.
The only thing that is an actual issue on Linux if you want backward compatibility is glibc which does not have an easy way (AFAIK) to say "I want to target this old glibc version". But that's not the issue for what we are talking about which is "getting newer compilers on a given distro" - Red Hat & derivatives manage this without issue with the various devtoolsets for instance.
Or you could switch to LTS, which achieves the same thing.
The "english-literate" world (emphasis on literate) is, or historically has been, very familiar with Greek glyphs.
And that's just for humanities.
The mathematic and physics -literate world, doubly so. Everybody uses pi, theta, sigma (e.g. the summation formula) etc symbols...
I would be shocked if even 1% of native English speakers could list the full Greek alphabet much less have a comprehensive familiarity with what each letter means across all branches of mathematics. I would be shocked if even 5% of native English speakers could tell you what theta generally means in geometry, much less all its other meanings.
> The GNU C++ compiler, g++, has a compiler command line option to switch between various different C++ ABIs. This explicit version switch is the flag -fabi-version.
If you want to target a given distro, you -fabi-version this distro's ABI, just like you set -mmacosx-version-min on mac or set _WIN32_WINNT on windows
That is also mind-numbingly absurd to force upon the vast majority who couldn't care less about the bleeding edge and want a stable platform to act as a fixe target without risking random ABI breakages.
I should not be forced to endure a brittle and fragile and overly-complex compilation process just because a random guy somewhere had a whim about taking a compiler out for a spin.
The world expects stability. If you wish to try out some stuff, just download the compiler and build the damn thing yourself. Hell, odds are that there's already a PPA somewhere. So where's the need to screw over everyone?
but why would you have "random ABI breakages" ? there isn't any issue with using e.g. VS2010, 2012, 2015, 2017, 2019 to make a windows software for instance, so what makes you think Linux would be any different if you could install a compiler version of your choosing instead of the one fixed by Ubuntu / Debian / whatever. Why is it a problem for C/C++ but not for Go / Rust / every other native-compiled language in the universe ?
Rust supports MaybeUninit<> for the former example, and unsafe raw pointers for the latter. It needs unsafe because these patterns are not safe in the general case and absent an actual proof of correctness embedded in the source code, a static analysis pass can only deal with the general case.
I've expressed myself poorly in my original comment and apparently it looks like I was criticizing Rust but I wasn't. I was just pointing out that safety didn't come "for free" by toggling a compiler flag, you have to change the way you code some things. If C and C++ were to become safe languages, code would need to be rewritten using things like MaybeUninit, split_at_mut, RefCell etc...
C codebases then follow certain defensive programming customs to avoid reading uninitialized or out of bounds memory, at the cost of some performance. This is the right trade-off in C but, funnily enough, the more restrictive borrow checker has the opposite effect as you can give out inmutable and mutable references with wanton abandon because they get checked for unsafe behavior. It's the same difference as a a gun where the best practice is to keep it unchambered at all times to avoid the risk of a misfire, and a more modern gun with a safety: it's one more thing to think about but it actually smoothes the operation.
The restriction of immutability spares the programmer from worrying about whether unknown parts of the codebase are going to decide to mutate an object.
JavaScript's single-thread restriction (not counting web-workers) closes the door on all manner of nasty concurrent-programming problems that can arise in languages that promote overuse of threads. (Last I checked, NetBeans uses over 20 threads.)
Back to the example at hand, C has no restrictions, but that hobbles the programmer when it comes to reasoning about the way memory is handled in a program. It's completely free-form. Rust takes a more restrictive approach, and even enables automated reasoning. (Disclaimer: I don't know much about Rust.)
This is a good thing, because it makes lifetimes and ownership explicit and visible in the code. It serves the similar purpose as type annotations in function signatures.
> Or having multiple mutable pointers/reference to the same object
Sure you can have that with `unsafe`. And this is a good thing, because multiple mutable pointers to the same object is at best bad coding practice that leads to unsafe code, and you should avoid that in any language, including the ones with GC. Working with codebases where there are multiple distant things mutating shared stuff is a terrible experience.
If a C/C++ version of "borrow checker" could mark such (anti)patterns at least as warnings, that would bring a lot of value.
"Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spring 2019"
What about with a constrained (not necessarily general purpose) AI with the expertise of Scott Meyers, Andrei Alexandrescu, Herb Sutter and Alexander Stepanov?
I understand the benefits and the risks of them, and understand how Rust prevents both, but I dont yet understand why it's bad practice, and am interested to learn why.
There are compiler optimisations you can do if compiler knows about aliasing, but that’s not so much a software authorship problem. There are some curly problems with passing aliased mutable pointers to a function written for non-aliased inputs, like memcpy and I imagine quite a lot of other code.
But common to all of these things is that it’s pretty hard to figure out if the programmer is the one who has to track the aliasing. In hashmap pointer invalidation, your code might work perfectly for years until some input comes along and finally triggers a shift or a reallocation at the exact right time. (I know this — I recently had to write a lot of C and these are the kinds of issues you get even after you implement some of Rust’s std APIs in C.)
If N unrelated (or loosely related) things can mutate the same object, then you get a O(x^N) explosion of potential mutation orders and in order to understand that, you need to understand all the (sometimes complex) time-relationships between these N objects. This gets even much worse when some of these objects are also pointed from M other objects...
On the flip side, in case of using a simple unique_ptr (or a similar concept), this trivially reduces to a single sequence of modifications.
The parent was talking about the borrow checker so I only was talking about safe Rust code. Obviously if you consider that the entire C/C++ codebase is in a big unsafe {} block it'll work... because it won't do anything at all.
It's important to understand that unsafe doesn't turn off the borrow checker or disable any other of Rust's safety checks: if you use a reference in unsafe code, it will still be checked. The unsafe keyword only gives you access to these four features that are then not checked by the compiler for memory safety.
No, it is additional burden. If it was possible to do it without annotations, you bet we would do it!
Native English-speakers are very familiar with the "English alphabet" but that's irrelevant because we're comparing English words (or phrases) with Greek symbols.
> But both of you seem to disagree on what "literate", "very familiar" and "historically" really mean.
Perhaps, but I'm using standard meanings available from any English dictionary.
> Which is fine, language is not made to be precise - luckily we can use precise symbols where precise meaning matters, not English phrases. For example in math and physics.
You can assign precise meaning to words or phrases as easily as you can to Greek symbols. The two approaches differ in that it's easier for (at least English-speaking) humans to remember words or phrases that relate to or approximate the precise meaning than a random Greek letter (I'm sure someone will demand evidence, but this is hardly an extraordinary claim compared to its inverse) while letters (Greek or otherwise) are more expedient to write by hand.
That's irrelevant. The only aspect that is relevant is that the C++ standard does not define nor assume a standard or even fixed ABI, thus each compiler vendor just goes with the flow.
In some rare cases where a compiler vendor also controls the platform and essentially holds a vertically integrated monopoly, they are in a better position to not break the ABI all that often. Everyone else doing stuff in C++, whether writing programs or libraries or compilers or putting together OS distributions, just faces the music.
However if I sounded like I wanted to belittle Rust I really expressed myself poorly, I love the language and hope it'll eventually become the new C++. If anything I was attempting to make the opposite point: you can't fix C/C++'s flaws with a smarter compiler. We're not two releases of GCC away from having safe C without having to change anything.
You're conflating things and in the process making absurd comparisons. Windows is not Linux and GCC is not msvc++. GCC is very vocal on how they don't support ABI compatibility, and Microsoft was very vocal ensuring they enforce ABI compatibility from Visual Studio 2015 onward. There's a fundamental difference in multiple dimensions, which isn't bridged by mindlessly stating that GCC and mscv are both compilers.
ABI is the bane of C++. Why are you posting comments on a thread about C++ and the problems created by ABI if you are oblivious to this? The only thing you're managing to do is generate noise and make everyone waste their time with your posts.
> so what makes you think Linux would be any different
Because it is, and at many levels. Just the fact that you are entirely oblivious to this basic fact is enough to convince anyone not to bother with any further replies to this thread.
What? Apart from bugs, GCC has maintained backward compatibility for more than a decade, for both the compiler ABI and the standard library.
They were forced to break ABI for c++11 to implement the new string and list semantics, but the old ABI is still available.
That does not mean anything. Linux can be whatever people with enough free time want it to be. It's 100% possible to imagine a Linux-based system with a Windows-like userspace and pacing. Hell, technically you could just ship the Linux kernel, an init system, Wine and live in an almost windows-y world - even cl.exe works under wine.
> Why are you posting comments on a thread about C++ and the problems created by ABI if you are oblivious to this?
Because it's an entirely self-inflicted problem, caused by putting toolchains (among two thousand other things) in distros.
Again, why do people have no trouble shipping Rust which has zero ABI guarantees to ten year old Ubuntus and C++ couldn't ? The answer is, it totally can if you just let it and let go of shipping dev packages in distros, instead relying on C++-specific package managers such as conan or vcpkg for your dependencies.
I build my own software with latest versions of clang, Qt, boost and have no trouble distributing it to fairly old distros.
> Because it is, and at many levels.
yes, I'm asking about what could be, not what is ?
Source? They very rarely break ABI. They even release ABI break fixes sometimes.
> Microsoft was very vocal ensuring they enforce ABI compatibility from Visual Studio 2015 onward.
They try to keep ABI stable, but nothing is promised until the actual releases happen.
Always expect a new ABI version at some point in the future!